<?php

session_start();

include_once("connexion.php");

if ($_SESSION['log'] == 1) {
	if (isset($_POST["OK"])){
		$ancien_mdp = $_POST["ancien_mdp"];
		$mdp1 = $_POST["mdp1"];
		$mdp2 = $_POST["mdp2"];
		$sql = "SELECT * FROM utilisateurs WHERE id=".$_SESSION['id_user'];
		$req = mysqli_query($bdd, $sql);
		$query = mysqli_fetch_array($req); 

		if ($ancien_mdp != $query['password']) {
			echo "Ancien MDP incorrecte";
			}else if ($mdp1 != $mdp2) {
				echo "Confirmation du MDP incorrecte";
				}else{
					$query = "UPDATE utilisateurs SET 
						password = '".$mdp1."' 
						WHERE id = ".$_SESSION['id_user'];
					
					$resultat = mysqli_query($bdd,$query);

					echo "MDP changer avec succes ;-)";
		
		}
	}
}

$erreur = "";

include_once("modification_mdp.html");
?>